django-mfa2

FIDO2.complete_reg returns wrong status_code == 200 in exception handling

Open 41WhiteElephants opened this issue 1 year ago • 2 comments

Please stick to HTTP convention and change status codes when you catch exceptions. When I was using your code in my wrappers to apply JWT auth to it, I found in a negative test with a wrong payload that I cannot pass the line below, 'cause it was always status_code == 200:

    response = client.post(url, wrong_payload, format='json')
    assert response.status_code == HTTP_400_BAD_REQUEST

As an example, code from mfa/FIDO2.py line 89.

    return JsonResponse({'status': 'ERR', "message": "Error on server, please try again later"})

is using the default status_code = 200 from base class HttpResponseBase.

Expected code:

    return JsonResponse({'status': 'ERR', "message": "Error on server, please try again later"}, status=status.HTTP_400_BAD_REQUEST)

The same goes for mfa/FIDO2.py line 55.

41WhiteElephants, Jan 22 '24 18:01

You can open a PR and I'll merge ASAP.

mkalioby, Jan 22 '24 19:01

Here https://github.com/mkalioby/django-mfa2/pull/85

41WhiteElephants, Jan 23 '24 13:01